A Code Reuse Attack Protection Technique Based on Code Anti-Leakage

Cited by: 5


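Authors: Wang Ye [1,2]; Li Qingbao [1,2]; Zeng Guangyu [1,2]; Chen Zhifeng [1,2]

Affiliations: [1] PLA Information Engineering University, Zhengzhou 450001; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing (PLA Information Engineering University), Zhengzhou 450001

Source: Journal of Computer Research and Development, 2016, No. 10, pp. 2277-2287 (11 pages)

Funding: National Social Science Foundation of China (15AGJ012); National Science and Technology Major Project "Core Electronic Devices, High-end Generic Chips and Basic Software" (2013JH00103)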

Abstract: As address space layout randomization (ASLR) is widely deployed on operating systems, traditional code reuse attacks are well suppressed. New code reuse attacks, however, analyze a program's memory layout through information leaks to bypass ASLR, which poses a serious threat to program security. By analyzing the nature of traditional code reuse attacks and new code reuse attacks, we propose VXnR, a code reuse attack protection technique based on code anti-leakage. In this method, we set Execute-no-Read (XnR) permission on the code pages of the target process so that the code can be executed normally by the processor, while a read operation is subject to access control according to the content of the physical page being read. This prevents attackers from using an information disclosure vulnerability to maliciously read the code pages of the process in search of gadgets, and defends against both traditional code reuse attacks and new code reuse attacks. We have developed a prototype of VXnR and implemented it in the virtual machine monitor Bitvisor. We also evaluate the effectiveness and performance overhead of our approach through comprehensive experiments. The experimental results show that VXnR can effectively prevent attackers from exploiting the executable code of the target process to launch code reuse attacks, with less than 52.1% overhead.

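Keywords: address space layout randomization; code reuse attack; program security; information leakage; virtualization

Classification: TP303 [Automation and Computer Technology: Computer System Architecture]; TP309 [Automation and Computer Technology: Computer Science and Technology]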

 
